Aw: Re: Re: encrypted rsyncd - why was it never implemented?

Kevin Korb kmk at sanitarium.net
Wed Dec 3 13:38:51 MST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First off, this isn't "restricted shell".  Second, the user's shell
can also match the forced command so that no shell (especially bash)
is involved.

On 12/03/2014 03:09 PM, devzero at web.de wrote:
>> The benefit of rsync over ssh secured by rrsync is that it is
>> more like what rsync users are already used to.
> 
> i don`t like rsync over ssh in an environemt with users you can´t
> trust.
> 
> from a security perspective, i think such setup is broken by
> design.
> 
> it`s a little bit like giving a foreigner the key to your front
> door and then hope that the door in the corridor to your room will
> be "secure and stable enough".
> 
> some reasons why i think this way can be found here: 
> https://www.google.de/search?q=ssh+restricted+shell+bypass
> 
> regards roland
> 
> 
> 
>> Gesendet: Mittwoch, 03. Dezember 2014 um 20:37 Uhr Von: "Kevin
>> Korb" <kmk at sanitarium.net> An: devzero at web.de Cc:
>> rsync at lists.samba.org Betreff: Re: Aw: Re: encrypted rsyncd - why
>> was it never implemented?
>> 
> As far as a backup provider goes I wouldn't expect them to use
> rsync over SSL unless that were built into rsync in the future (and
> has been around long enough that most users would have it).
> 
> I would expect them to either use rsync over ssh secured by rrsync
> or rsyncd over ssh with them managing the rsyncd.conf file.  Either
> way the server side command would be forced and no other ssh
> functionality would be allowed.
> 
> The benefit of rsync over ssh secured by rrsync is that it is more 
> like what rsync users are already used to.
> 
> The benefit of rsyncd over ssh would be that the provider would
> manage the rsyncd.conf files (1 per user) and could make a web UI
> to control certain aspects of it.
> 
> I am thinking of something like this with in sshd_config with 
> whichever ForceCommand they would pick:
> 
> Match Group backupusers X11Forwarding no AllowTcpForwarding no 
> ForceCommand /usr/bin/rsync --server --daemon . ForceCommand
> /usr/bin/rrsync-wrapper
> 
> Note that a wrapper or modification would be needed for rrsync
> since sshd_config doesn't support %u or %h in ForceCommand :(
> 
> 
> On 12/03/2014 02:20 PM, devzero at web.de wrote:
>>>> from a security perspective this is bad. think of a backup
>>>> provider who wants to make rsyncd modules available to the
>>>> end users so they can push backups to the server. do you
>>>> think that such server is secure if all users are allowed to
>>>> open up an ssh shell to secure their rsync transfer ?
>>>> 
>>>> ok, you can restrict the ssh connection, but you open up a
>>>> hole and you need to think twice to make it secure - leaving
>>>> room for hacking and circumventing ssh restrictions.
>>>> 
>>>> indeed, rsyncd with ssl is quite attractive, but adding ssl
>>>> to rsync adds quite some complexity and also increases
>>>> maintenance work.
>>>> 
>>>> for some time there is a ssl patch in the contrib directory,
>>>> but i`m curious why nobody is aware of rsyncssl, which is not
>>>> a perfect but quite some elegant solution to support wrapping
>>>> rsyncd with ssl via stunnel:
>>>> 
>>>> http://dozzie.jarowit.net/trac/wiki/RsyncSSL 
>>>> https://git.samba.org/?p=rsync.git;a=commit;h=70d4a945f7d1ab1aca2c3ca8535240fad4bdf06b
>>>>
>>>>
>>>> 
regards roland
>>>> 
>>>> 
>>>> 
>>>>> Gesendet: Mittwoch, 03. Dezember 2014 um 19:19 Uhr Von:
>>>>> "Kevin Korb" <kmk at sanitarium.net> An: rsync at lists.samba.org
>>>>> Betreff: Re: encrypted rsyncd - why was it never
>>>>> implemented?
>>>>> 
>>>> You can run rsyncd over ssh as well.  Either with -e ssh 
>>>> host::module or you can use ssh's -L to tunnel the rsyncd
>>>> port. The difference is which user ends up running the
>>>> rsyncd.
>>>> 
>>>> On 12/03/2014 12:40 PM, Tomasz Chmielewski wrote:
>>>>>>> rsync in daemon mode is very powerful, yet it comes
>>>>>>> with one big disadvantage: data is sent in plain.
>>>>>>> 
>>>>>>> The workarounds are not really satisfying:
>>>>>>> 
>>>>>>> 
>>>>>>> - use VPN - one needs to set up an extra service, not
>>>>>>> always possible
>>>>>>> 
>>>>>>> - use stunnel - as above
>>>>>>> 
>>>>>>> - use SSH - is not as powerful as in daemon mode (i.e.
>>>>>>> read only access, chroot, easy way of adding/modifying
>>>>>>> users and modules etc.)
>>>>>>> 
>>>>>>> 
>>>>>>> Why was encrypted communication in rsyncd never
>>>>>>> implemented? Some technical disagreements? Nobody
>>>>>>> volunteered?
>>>>>>> 
>>>>>>> 
>>>> 
>>>>> -- Please use reply-all for most replies to avoid omitting
>>>>> the mailing list. To unsubscribe or change options: 
>>>>> https://lists.samba.org/mailman/listinfo/rsync Before
>>>>> posting, read:
>>>>> http://www.catb.org/~esr/faqs/smart-questions.html
>>>>> 
> 
>> 

- -- 
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
	Kevin Korb			Phone:    (407) 252-6853
	Systems Administrator		Internet:
	FutureQuest, Inc.		Kevin at FutureQuest.net  (work)
	Orlando, Florida		kmk at sanitarium.net (personal)
	Web page:			http://www.sanitarium.net/
	PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlR/dNsACgkQVKC1jlbQAQfCxQCfQw1JOXL4aF9MrU2EFznwEjUl
WkgAn0F4QkgrM7M2KA03PeDdUFuNLY4Q
=oEpE
-----END PGP SIGNATURE-----

More information about the rsync mailing list